From 1a2b7849bea5fbebce031546f27367b1b1710cac Mon Sep 17 00:00:00 2001 From: Akshesh Date: Mon, 28 Mar 2016 11:58:51 +0530 Subject: [PATCH] Fixed #21734 -- Handled ProtectedError in a POST to admin's delete_selected action --- django/contrib/admin/actions.py | 2 +- tests/admin_views/tests.py | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/django/contrib/admin/actions.py b/django/contrib/admin/actions.py index 80b0ac83d6c79..6fdf070694277 100644 --- a/django/contrib/admin/actions.py +++ b/django/contrib/admin/actions.py @@ -38,7 +38,7 @@ def delete_selected(modeladmin, request, queryset): # The user has already confirmed the deletion. # Do the deletion and return a None to display the change list view again. - if request.POST.get('post'): + if request.POST.get('post') and not protected: if perms_needed: raise PermissionDenied n = queryset.count() diff --git a/tests/admin_views/tests.py b/tests/admin_views/tests.py index 4802827a5c436..ed71d6da46efb 100644 --- a/tests/admin_views/tests.py +++ b/tests/admin_views/tests.py @@ -3156,6 +3156,22 @@ def test_model_admin_default_delete_action_no_change_url(self): # The page shouldn't display a link to the nonexistent change page self.assertContains(response, "
  • Unchangeable object: UnchangeableObject object
    • ", 1, html=True) + def test_post_delete_action_protected(self): + """ + A POST request to delete protected objects should display the page + which says the deletion is prohibited. + """ + q = Question.objects.create(question='Why?') + Answer.objects.create(question=q, answer='Because.') + + response = self.client.post(reverse('admin:admin_views_question_changelist'), { + ACTION_CHECKBOX_NAME: [q.pk], + 'action': 'delete_selected', + 'post': 'yes', + }) + self.assertEqual(Question.objects.count(), 1) + self.assertContains(response, "would require deleting the following protected related objects") + def test_custom_function_mail_action(self): "Tests a custom action defined in a function" action_data = {